Re: [iptables PATCH] configure: make libmnl and libnftnl hard requirements

2016-04-26 Thread Jan Engelhardt
On Tuesday 2016-04-26 21:27, Giuseppe Longo wrote: >index 12bffa9..b170add 100644 >--- a/configure.ac >+++ b/configure.ac >@@ -122,8 +122,26 @@ AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = >1]) > if test "x$enable_nftables" = "xyes"; then > PKG_CHECK_MODULES([libmnl], [libmnl

Re: [iptables PATCH] configure: make libmnl and libnftnl hard requirements

2016-04-26 Thread Pablo Neira Ayuso
On Tue, Apr 26, 2016 at 11:20:19PM +0200, Jan Engelhardt wrote: > > On Tuesday 2016-04-26 21:27, Giuseppe Longo wrote: > >index 12bffa9..b170add 100644 > >--- a/configure.ac > >+++ b/configure.ac > >@@ -122,8 +122,26 @@ AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" > >= 1]) > > if test

[PATCH -nf v7] netfilter: nftables: add connlabel set support

2016-04-26 Thread Florian Westphal
Conntrack labels are currently sized depending on the iptables ruleset, i.e. if we're asked to test or set bits 1, 2, and 65 then we would allocate enough room to store at least bit 65. However, with nft, the input is just a register with arbitrary runtime content. We therefore ask for the upper

iptables audit target causes kernel panic with iptables-persistent (kernel 3.2.78)

2016-04-26 Thread Lev Stipakov
Hello, I see kernel panic with iptables-persistent package installed and one iptables rule with AUDIT target. root@debian7:~# uname -a Linux debian7 3.2.0-4-amd64 #1 SMP Debian 3.2.78-1 x86_64 GNU/Linux root@debian7:~# dpkg -l | grep iptables ii iptables 1.4.14-3.1

iptables audit target causes kernel panic with iptables-persistent (kernel 3.2.78)

2016-04-26 Thread Lev Stipakov
Hello, I see kernel panic with iptables-persistent package installed and one iptables rule with AUDIT target. root@debian7:~# uname -a Linux debian7 3.2.0-4-amd64 #1 SMP Debian 3.2.78-1 x86_64 GNU/Linux root@debian7:~# dpkg -l | grep iptables ii iptables1.4.14-3.1 ii

Re: [PATCH net-next 9/9] taskstats: use the libnl API to align nlattr on 64-bit

2016-04-26 Thread Balbir Singh
On 23/04/16 01:31, Nicolas Dichtel wrote: > Goal of this patch is to use the new libnl API to align netlink attribute > when needed. > The layout of the netlink message will be a bit different after the patch, > because the padattr (TASKSTATS_TYPE_STATS) will be inside the nested > attribute

Re: iptables audit target causes kernel panic with iptables-persistent (kernel 3.2.78)

2016-04-26 Thread Lev Stipakov
Kernel crash dump: [ 217.819774] piix4_smbus :00:07.0: SMBus base address uninitialized - upgrade BIOS or use force_addr=0xaddr [ 218.173782] Error: Driver 'pcspkr' is already registered, aborting... [ 229.433697] BUG: unable to handle kernel paging request at 88021a2fc80b [

[PATCH libnftnl] libnftnl: constify object arguments to various functions

2016-04-26 Thread Patrick McHardy
flow table support needs constant object arguments to printing functions to avoid ugly casts. While at it, also constify object arguments to message construction, destructor and a few helper functions. Signed-off-by: Patrick McHardy --- include/data_reg.h | 8 +---

[Documentation] SNAT in INPUT chain

2016-04-26 Thread Lion Yang
netfilter after about (linux kernel) 2.4.x (or 2.6.x?) [1] can put SNAT into hook NF_IP_LOCAL_IN. However, official docs (including 'man') haven't changed so far. It's hard for me to write something correctly and precisely in English. Would someone improve the docs please? ps: Maybe add some

Re: [Documentation] SNAT in INPUT chain

2016-04-26 Thread Lion Yang
Yes, enough. 27.04.2016, 00:13, "Florian Westphal" : > Is this enough? > > --- a/iptables/iptables.8.in > +++ b/iptables/iptables.8.in > @@ -103,8 +103,9 @@ the built-in chains \fBINPUT\fP (for packets destined to > local sockets), >  .TP >  \fBnat\fP: >  This table is consulted

Re: [Documentation] SNAT in INPUT chain

2016-04-26 Thread Florian Westphal
Lion Yang wrote: > netfilter after about (linux kernel) 2.4.x (or 2.6.x?) [1] can put SNAT into > hook NF_IP_LOCAL_IN. > However, official docs (including 'man') haven't changed so far. > > It's hard for me to write something correctly and precisely in English. > Would someone

[iptables PATCH] configure: make libmnl and libnftnl hard requirements

2016-04-26 Thread Giuseppe Longo
From: Giuseppe Longo Iptables building is broken if either libmnl or libnftnl is not installed on the system. Configure script actually checks if libmnl and libnftnl are installed, but doesn't exit if they are not. Signed-off-by: Giuseppe Longo ---

Re: iptables audit target causes kernel panic with iptables-persistent (kernel 3.2.78)

2016-04-26 Thread Paul Moore
On Tue, Apr 26, 2016 at 3:58 PM, Lev Stipakov wrote: > Yep, it works fine on Debian 8: > > lev@debi:~$ uname -a > Linux debi 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u3 (2016-01-17) > x86_64 GNU/Linux I would suggest bringing this up with the Debian kernel

Re: [PATCH net-next 9/9] wireless: use nla_put_u64_64bit()

2016-04-26 Thread Nicolas Dichtel
Hi Johannes, On 26/04/2016 09:39, Johannes Berg wrote: > Hi Nicholas, > > Thanks for doing this. > > I'll also add a fix for the macro-generated nla_put_64() in > nl80211_send_station(), unless there was a particular reason you didn't > take that one? > > I suspect you just missed it while

Re: iptables audit target causes kernel panic with iptables-persistent (kernel 3.2.78)

2016-04-26 Thread Lev Stipakov
Yep, it works fine on Debian 8: lev@debi:~$ uname -a Linux debi 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u3 (2016-01-17) x86_64 GNU/Linux On 26.04.2016 21:54, Paul Moore wrote: I cannot reproduce it on (one of) previous kernel version: lev@debi7:~$ uname -a Linux debi7